Cross Domain Auto Login

I'm implementing a plug-in that's embeddable in different sites like disqus.The plug-in is supposed to be embeddable in sites with different domain names whic I don't own. I would like to access user login status if user has already logged in an other site that is using my plug-in. I haven't able to find an answer to do this yet.

What I need is:

  • If user logged in domain A.com that using my plug-in, user should be able to automatically login in other domain B.com which uses my plugin. (I don't own A.com and B.com)

How can I do that?

Thanks in advance.

Answers:

Answer

Due to CORS protection, if the server A or B don't allow cross domain request, you can't call them from the browser itself. It's a security feature.

If you want to do this and don't have access directly on A and B, you will have to use A and/or B API (if they exist) or use a C server as an intermediary for your requests.

Answer

Request header as well as server CROS prevention mechanism will not allow to login. Below is one of the solution to achive it.

SSO Single Sign ON, is one of the way by that we can come up with this problem. To achive SSO just create some service that will check for token (token based authetication as well as we can check for coming url request) and allow login (it is no where related to Windows, Forms authentication).

It's a kind of third party authentication mechanism, which will work basis of token based security and allow login.

Tags

Recent Questions

Top Questions

Home Tags Terms of Service Privacy Policy DMCA Contact Us

©2020 All rights reserved.